Strictly Necessary

New Text

5.1.2 Data Minimization, Retention and Transparency

Data retained by a party for permitted uses must be limited to the data strictly necessary for such permitted uses. Such data must not be retained any longer than is proporationate and strictly necessary for such permitted uses.

Third parties must provide public transparency of the time periods for which data collected for permitted uses are retained. The third party may enumerate different retention periods for different permitted uses. Data must not be used for a permitted use once the data retention period for that permitted use has expired. After there are no remaining permitted uses for given data, the data must be deleted or de-identified.

Third parties must make reasonable data minimization efforts to ensure that only the data necessary for the permitted use is retained, and must not rely on unique identifiers for users or devices if alternative solutions are reasonably available.

Technically feasible

New Text

End of section 5.1.2:

Third parties MUST make reasonable data minimization efforts to ensure that only the data necessary for the permitted use is retained, and MUST NOT rely on unique identifiers for users or devices if alternative solutions are reasonably available and technically feasible.

Internally verifiable

New Text

End of section 5.1.4:

Third parties must use reasonable technical and organizational safeguards to prevent further processing of data retained for permitted uses. While physical separation of data maintained for permitted uses is not required, best practices should be in place to ensure technical controls ensure access limitations and information security. Third parties should ensure that the access and use of data retained for permitted uses is internally verifiable.

Editor's Draft

5.1.2 Data Minimization, Retention and Transparency

Data retained by a party for permitted uses must be limited to the data reasonably necessary for such permitted uses. Such data must not be retained any longer than is proporationate and reasonably necessary for such permitted uses.

Third parties must provide public transparency of the time periods for which data collected for permitted uses are retained. The third party may enumerate different retention periods for different permitted uses. Data must not be used for a permitted use once the data retention period for that permitted use has expired. After there are no remaining permitted uses for given data, the data must be deleted or de-identified.

Third parties must make reasonable data minimization efforts to ensure that only the data necessary for the permitted use is retained, and must not rely on unique identifiers for users or devices if alternative solutions are reasonably available.

5.1.4 Reasonable Security

Third parties must use reasonable technical and organizational safeguards to prevent further processing of data retained for permitted uses. While physical separation of data maintained for permitted uses is not required, best practices should be in place to ensure technical controls ensure access limitations and information security. Third parties should ensure that the access and use of data retained for permitted uses is auditable.